Chapter 4: Basic Operations 45
4. Enable/disable checkboxes or select values as indicated for each setting.
5. Click Save.
Table 4.3: System Certificate Policy
Feature Value when enabled
Chain Building
Authority Info Access (AIA)
Permits the DSView 3 software to use the AIA certificate extension to
locate a certificate’s issuer.
Max chain length
Maximum allowable number of certificates (inclusive) between the leaf
certificate and a trusted certificate. Valid range is 1-16.
Chain Validation
Partial chains
Allows partial chains. (If disabled, partial chains will be considered
invalid, even if the chain contains a trusted certificate.)
Usage flags
A certificate may be used only for the reasons dictated in the
certificate. For example, a certificate must be flagged as CA
(Certificate Authority) to be considered a valid certificate issuer.
Validity period
The current date and time on the server must be within the window on
each certificate in the chain.
Verify signatures The signatures within the certificate chain are checked for validity.
Certificate Revocation Lists (CRL)
CRL checks
If CRLs are available, they are checked to determine a certificate’s
revocation status.
Distribution points CRLs may be located using the distribution point certificate extension.
Reject on error
The DSView 3 software will reject a certificate chain if a CRL is
specified (either in the certificate or the DSView 3 trust store) and it
cannot be read or is invalid.
Secure Sockets Layer (SSL)
Name verification Outbound SSL connections will verify server names.
Subject alternative names
The server names may match the certificate common name or one of
the subject alternative names.
User Certificates
Verify using trust store
User certificates presented to the DSView 3 software are verified using
the System Trust Store.